A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

Bluetooth Security

Bluetooth is a wireless medium for a number of privacy hazards.

Bluetooth is a very convenient wireless feature found in almost every smart communication device nowadays. However, the convenience comes at a cost to your safety. Bluetooth is a wireless medium for a number of privacy hazards.

Viruses and Worms

Bluetooth provides an easy medium for viruses to propagate from one device to another. This enables them to spread rapidly from one infected device to several other devices in the vicinity. Viruses are often transmitted in the form of unsolicited Bluetooth messages, a phenomenon known as Bluejacking. As soon as the receiver opens the message to read it, the virus infects the device and the cycle repeats.

Bluesnarfing

The act of gaining unauthorized access to a Bluetooth device in order to steal or modify data by another Bluetooth device is known as Bluesnarfing. Bluesnarfing has a direct impact on the privacy of the compromised user. Once a device is compromised, the hacker may have access to the user's phonebook, contact information, messages, data, photographs and videos. It may even be possible to send messages from the compromised phone.

Bluebugging

Bluebugging occurs when a victim's device is controlled by an attacker, who sends commands to perform actions as if he had physical access to the device. This type of attack is analogous to what a Trojan horse does. Through bluebugging, a hacker can take control of the victim's phone by pretending to be the victim's Bluetooth headset and thereby tricking the phone into obeying its call commands.

Bluetoothing

Bluetoothing means social networking within a short range. It makes the user vulnerable to the possibility of harassment from a security point of view.

A few precautionary measures can be taken against Bluetooth hacks:

  • Keeping Bluetooth turned off is a good way to start. Only turn on Bluetooth when using it to transfer data. At all other times, Bluetooth should be turned off. This also saves power on the device.
  • Keep device discovery disabled. This keeps the device from being openly visible to other devices in the vicinity and makes it difficult for the device to be compromised.
  • Never accept unsolicited Bluetooth messages without verifying the source of the message. The source would have to be within a few meters, so verifying is always an option.
  • One may use good antivirus software on their device as defense against malicious programs.
  • Finally, keeping your firmware updated secures the device from most known security issues related to the system. This is usually done by first downloading and installing the firmware updating software from the device vendor's website on a computer. This is followed by attaching the device to the computer and running the updating software on the computer. The software installs the necessary updates onto the device. Different devices may have different ways of updating. The device vendor must be consulted for further support.

For detailed guidelines on securing your device, refer to the September 2008 publication from the National Institute of Standards and Technology entitled "Guide to Bluetooth Security."  This clearly written and well-organized document provides a summary of Bluetooth issues, recommendations and diagrams.

References

Share your comments, feedback or questions about this article and other topics. Go to our blog  or our Facebook group .

My home page